Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7dc9f0e1-f459-488b-91a4-d783253227a4.roa
File:                     7dc9f0e1-f459-488b-91a4-d783253227a4.roa (raw, json)
Hash identifier:          U2/Mk9HtGBPsto2vEVgK8wHi3CvXjrS68PAjzFSfYek=
Subject key identifier:   8C:C9:43:75:9E:86:3F:F4:09:E2:B3:7D:96:C1:2C:F2:ED:10:7B:A6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       02A195B4F8E9C546ADAF3221D5A71AD6B870509C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7dc9f0e1-f459-488b-91a4-d783253227a4.roa
Signing time:             Tue 28 Apr 2026 00:30:14 +0000
ROA not before:           Tue 28 Apr 2026 00:30:14 +0000
ROA not after:            Mon 27 Jul 2026 23:59:59 +0000
asID:                     16509
IP address blocks:        16.122.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/1ba302b8-8dab-491d-b9ed-d7c92d030d82.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Mon 04 May 2026 17:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:a1:95:b4:f8:e9:c5:46:ad:af:32:21:d5:a7:1a:d6:b8:70:50:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 28 00:30:14 2026 GMT
            Not After : Jul 27 23:59:59 2026 GMT
        Subject: serialNumber=89b037ce80f7607838268391f88f6cd86e2f9a66431655ff91b16599b5d0ca52, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:b4:97:20:c5:24:cc:38:b1:32:99:ce:bc:ef:
                    4b:0a:63:34:d1:91:90:b2:42:14:b5:c5:88:b5:a2:
                    65:68:4c:64:cb:06:89:6d:c9:79:e9:1e:5e:8c:66:
                    29:90:8b:5a:fc:71:fa:5f:f7:ec:a2:7b:78:56:5a:
                    a3:1d:73:94:0d:1e:b1:1b:e2:84:d1:a3:f0:ff:7b:
                    4a:0e:37:fa:84:93:ff:93:08:6e:7c:14:41:d8:df:
                    27:c4:b8:df:94:4a:c3:60:69:38:75:c0:1d:ab:f5:
                    77:08:76:36:2d:a7:d8:d0:00:80:9f:d5:d4:cc:1e:
                    52:d6:64:37:e2:77:95:22:02:48:f7:0b:1e:44:53:
                    c5:1e:39:b2:75:02:09:9a:20:52:df:8e:2f:ca:8a:
                    ce:45:f2:b6:0f:b0:0e:66:2f:b0:50:f1:7f:ff:97:
                    e7:1d:ee:fd:bc:af:c5:5f:2c:f3:d5:e6:82:e9:09:
                    96:e8:cb:61:f9:0d:d7:15:40:1e:43:8a:f6:b4:6c:
                    14:f2:07:24:df:e0:00:96:f8:3d:6a:87:fa:93:04:
                    d7:bc:39:29:4a:09:b3:29:8f:ec:4f:4e:e7:6b:3b:
                    a4:71:15:12:0c:e3:87:0b:09:c3:26:f7:2a:3e:3d:
                    69:f5:7e:34:3b:6d:83:17:13:a9:d8:32:31:da:16:
                    e2:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:C9:43:75:9E:86:3F:F4:09:E2:B3:7D:96:C1:2C:F2:ED:10:7B:A6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7dc9f0e1-f459-488b-91a4-d783253227a4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.122.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         70:0f:af:04:37:a5:1a:c7:83:5e:11:9f:5d:18:d1:03:d4:cb:
         e0:fb:31:bc:85:f8:68:d2:5e:6a:8e:2a:b3:cb:ec:06:6b:78:
         cb:d8:0f:92:50:13:ca:f3:89:ad:93:6f:4c:c2:89:8a:30:bb:
         a0:7e:81:5d:8a:66:5e:a0:77:71:38:bc:cb:1a:ac:08:3d:a0:
         77:d2:7a:65:40:0c:bd:74:86:ce:19:b7:6c:8e:83:4e:0f:82:
         26:1e:ef:0e:15:f6:c2:84:db:17:ee:8e:cb:2d:af:ab:9a:9f:
         01:70:c8:0b:04:d8:26:be:a8:84:4d:55:25:4f:65:d3:03:a7:
         7c:4b:d2:18:77:59:16:85:24:b3:fc:96:5d:72:5c:bb:03:42:
         d6:8e:49:20:09:f7:b3:4e:b9:50:03:9f:a0:77:7d:37:c8:49:
         24:66:97:63:19:a4:95:81:36:6b:f0:b0:19:74:44:3f:72:be:
         56:5c:48:15:ad:dc:0c:4d:90:3e:9c:d6:d7:cb:4e:04:a6:27:
         a1:20:ae:d2:6d:2c:a7:b5:e7:e2:a2:b6:ad:1f:18:46:43:d5:
         f2:c1:d4:41:b0:ba:25:66:6a:8a:92:3e:6e:f0:f0:93:ea:ea:
         87:c8:71:ec:0e:cd:46:78:57:34:da:d3:c4:a7:d5:1c:e8:2a:
         17:ae:8b:e5
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUAqGVtPjpxUatrzIh1aca1rhwUJwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjYwNDI4MDAzMDE0WhcNMjYwNzI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A4OWIwMzdjZTgwZjc2MDc4MzgyNjgzOTFmODhmNmNkODZl
MmY5YTY2NDMxNjU1ZmY5MWIxNjU5OWI1ZDBjYTUyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDmtJcgxSTMOLEymc6870sKYzTRkZCyQhS1xYi1omVoTGTL
BoltyXnpHl6MZimQi1r8cfpf9+yie3hWWqMdc5QNHrEb4oTRo/D/e0oON/qEk/+T
CG58FEHY3yfEuN+USsNgaTh1wB2r9XcIdjYtp9jQAICf1dTMHlLWZDfid5UiAkj3
Cx5EU8UeObJ1AgmaIFLfji/Kis5F8rYPsA5mL7BQ8X//l+cd7v28r8VfLPPV5oLp
CZboy2H5DdcVQB5Diva0bBTyByTf4ACW+D1qh/qTBNe8OSlKCbMpj+xPTudrO6Rx
FRIM44cLCcMm9yo+PWn1fjQ7bYMXE6nYMjHaFuKVAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUjMlDdZ6GP/QJ4rN9lsEs8u0Qe6YwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzdkYzlmMGUxLWY0NTktNDg4Yi05MWE0LWQ3ODMyNTMyMjdhNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQejANBgkqhkiG9w0BAQsFAAOCAQEAcA+vBDelGseDXhGfXRjRA9TL4Psx
vIX4aNJeao4qs8vsBmt4y9gPklATyvOJrZNvTMKJijC7oH6BXYpmXqB3cTi8yxqs
CD2gd9J6ZUAMvXSGzhm3bI6DTg+CJh7vDhX2woTbF+6Oyy2vq5qfAXDICwTYJr6o
hE1VJU9l0wOnfEvSGHdZFoUks/yWXXJcuwNC1o5JIAn3s065UAOfoHd9N8hJJGaX
YxmklYE2a/CwGXREP3K+VlxIFa3cDE2QPpzW18tOBKYnoSCu0m0sp7Xn4qK2rR8Y
RkPV8sHUQbC6JWZqipI+bvDwk+rqh8hx7A7NRnhXNNrTxKfVHOgqF66L5Q==
-----END CERTIFICATE-----